Making regular backups of data is probably the most important and easiest tasks to manage.
Although most people are quite aware of the risks and cost of losing data through hard drive failure or accidental deletion, it is best to have a policy and schedule in place for maintaining data backups.
When developing your backup strategy, you need to consider:
Sensitive data should not be stored on a computer connected to the internet or network. If the data needs to be destroyed at the end of a project then consider what level is required – overwriting, physical destruction, shredding, etc.
The lifetime of backups should also be considered as data degradation (data decay, data rot or bit rot), is an ever-present problem. Burned optical discs only have an average lifetime of two years.
If you are using a network drive, you should speak to IT Staff about their backup policies (e.g. how often they backup, the maximum amount of data they can backup, and how long they keep backups).
You may need to maintain your own backups if:
Your data will be used to obtain the results and conclusions of your research, so it is important to ensure its accuracy. Your data may also become an important dataset used by many others, so errors have the potential to hinder future research efforts.
It is therefore important to set up policies and practices to ensure the accuracy and authenticity of your data, including:
It is important to document experimental or data gathering methods - this will help if your results are questioned, or assist those who want to repeat/extend your research. It is also valuable to document analytical methods (e.g. if you write a script/macro/program to help analyze the dataset by producing graphs or statistics from your dataset).
You should consider recording information digitally, or scanning hardcopy notes. This information is more useful if it is archives alongside the data it refers to.
Well-defined access controls help you to comply with privacy policies, and maintain data authenticity by limiting those who can modify it.
Access controls may change throughout the life of the research project, and can be defined on a per-user or per-data basis. When data is active you will probably use per-user access permissions:
For example - the principal researcher would have Administrator permissions over all data and Read access to confidential survey data. Research collaborators would have no access to the confidential survey data, Read access to de-identified survey data, and Write access to data analysis and publications.
Access permissions are usually set by right-clicking on a file and editing the security properties.
It is important to consider the security of your own data to prevent:
Data Security at ANU
ANU has extensive range of policies and information related to IT security. ANU staff and students can install Sophos Anti-Virus on their office and home computers.
If you have sensitive data that is covered by privacy laws or confidentiality agreements it is best to store them on a computer that is not connected to any network. If this is not possible then you can also consider encrypting your data (there are currently no services at ANU to do this).
You must also consider physical security. It is possible for someone to remove your computer hard-drive and install it on their own computer where they can bypass access restrictions. For highly sensitive data you can use an external hard-drive and store it in a locked safe overnight.
+61 2 6125 5111
The Australian National University, Canberra
CRICOS Provider : 00120C
ABN : 52 234 063 906